Tag Archive for: Charges

U.S. Law Enforcement Charges Russian Nationals In Global Energy Hacking Scheme


The Department of Justice unsealed charges brought against four Russian nationals who are accused of working for the Russian government while simultaneously attempting to hack into the online infrastructure of the global energy sector.

In two indictments, the defendants are accused of hacking thousands of computers at hundreds of companies and firms in the energy industry across 135 countries.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”

The prosecutors allege that three officers of Russia’s Federal Security Service and other co-conspirators targeted software systems in the global energy sector to give the Russian government the ability to compromise the overall industry.

One indictment alleges that Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, engaged in a two-part hacking attempt to further the Russian state agenda, targeting international oil and gas companies between 2012 and 2017. They allegedly targeted hardware and software devices that control power generation equipment.

The hacking involved infecting legitimate software updates with malware to provide a “backdoor” through which hackers could access infected networks.

The second phase involved targeting individuals and engineers with spearphishing attacks—some of which were successful—and infecting sites commonly visited by energy sector engineers with malware.

The defendants are charged with conspiracy to cause damage to the property of an energy facility and commit computer fraud and abuse, and conspiracy to commit wire fraud. Akulov and Gavrilov are also charged with multiple counts of wire fraud and illegally obtaining information stored on computer networks. Akulov and Gavrilov also face three counts of aggravated identity theft.

In the second indictment, Evgeny Viktorovich Gladkikh, 36, is accused of…

Missouri prosecutor declines to file charges over ‘hacker’ allegation against reporter


Relief as controversial charges dropped tempered by fears about chilling effect

Missouri’s public prosecutor has decided not to file charges against a journalist accused of illegal hacking over his disclosure of security vulnerabilities in a state government-run website.

St. Louis Post-Dispatch reporter Josh Renaud expressed “relief” at the news but said the allegations made against him by Missouri governor Mike Parson in October 2021 could have a “chilling effect” on the good-faith reporting of security flaws.

The accusations centred on Renaud’s discovery of a problem in a domain maintained by the Missouri Department of Elementary and Secondary Education (DESE) that potentially exposed more than 100,000 Social Security numbers (SSNs) belonging to teachers and other school staff.

In a story published on October 13, the St. Louis Post-Dispatch revealed that it had notified DESE of the vulnerability and delayed publication of the findings to give the agency time to secure the exposed data.

A number of cybersecurity experts said at the time that this approach to vulnerability disclosure accorded with how professional security researchers routinely alert businesses to security flaws.

Some noted that Renaud’s actions did not even constitute ‘hacking’, since he had simply viewed the site’s HTML source code, which was leaking the sensitive data – something easily done using web browsers’ built-in functionality.

Nevertheless, Governor Parson labelled Renaud a “hacker”, claimed he had violated state computer crime laws, and referred the matter to the Missouri State Highway Patrol, which investigated the episode and relayed its findings to Cole County prosecutor Locke Thompson.

However, four months later, on Friday (February 11), Thompson told television station KRCG that he would not be filing charges.

‘Political persecution’

“This decision is a relief. But it does not repair the harm done to me and my family,” Renaud said in a statement (PDF).

“My actions were entirely legal and consistent with established journalistic…

Missouri governor is calling for criminal charges against a journalist who found social security numbers exposed on a public website


Missouri Gov. Mike Parson (photo: Jeff Roberson/AP)

  • The governor of Missouri is calling for criminal charges against a reporter who found social security numbers exposed online.

  • The reporter found that the SSNs of over 100,000 teachers were viewable on a government site.

  • Gov. Mike Parson labeled the reporter a “hacker” and demanded an investigation – which cyber experts say makes no sense.

Missouri Gov. Mike Parson is demanding a criminal investigation into a journalist who found social security numbers exposed on a state website – a reaction that cybersecurity experts say makes no sense.

On Wednesday, St. Louis Post-Dispatch reporter Josh Renaud published a story revealing that the state’s education department website exposed the SSNs of over 100,000 employees including teachers and administrators. All Renaud had to do to view the SSNs was open “inspect element” to view the page’s source code, which anyone can do with two clicks of a mouse.

Renaud first disclosed the exposure to the state on Tuesday and waited until the issue was fixed before publishing his story – a well-established best practice in cybersecurity reporting.

But after the story went live, Parson held a press conference Thursday slamming Renaud as a “hacker” and calling on state prosecutors to conduct a criminal investigation into his report.

“We will not let this crime against Missouri teachers go unpunished,” Parson said. “They were acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”

Parson’s remarks have been met by widespread bewilderment and outrage from cybersecurity experts, who say Renaud disclosed the exposed data responsibly and that using a web browser’s “inspect element” tool does not constitute hacking.

“Hitting F12 in a browser is not hacking,” SocialProof Security CEO Rachel Tobac said in a tweet. “Fix your website.” Another cybersecurity researcher, Matt Blaze, admonished Parson for moving to “call the cops” on someone who “quite responsibly” disclosed the vulnerability.

A day after Parson’s press conference, Cybersecurity and Infrastructure Security Agency director Jen Easterly tweeted that the…

Journalist warns Missouri about security breach. He’s threatened with criminal charges. – East Bay Times


JEFFERSON CITY, Mo. (AP) — Gov. Mike Parson on Thursday condemned the St. Louis Post-Dispatch for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

Parson told reporters outside his Capitol office that the Missouri State Highway Patrol’s digital forensic unit will be conducting an investigation “of all of those involved” and that his administration had spoken to the prosecutor in Cole County.

The governor suggested that the Post-Dispatch journalist who broke the story committed a crime and said the news outlet would be held accountable.

The state’s schools department had earlier referred to the reporter who broke the story as “a hacker.”

The Post-Dispatch broke the news about the security flaw on Wednesday. The newspaper said it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

It notified the Department of Elementary and Secondary Education and gave it time to fix the problem before the story was published.

After removing the pages from its website Tuesday, the agency issued a news release that called the person who discovered the vulnerability a “hacker” — an apparent reference to the reporter — who “took the records of at least three educators.” The agency didn’t elaborate as to what it meant by “took the records” and it declined to discuss the issue further when reached by The Associated Press.

The Post-Dispatch journalist found that the school workers’ Social Security numbers were in the HTML source code of the pages. It estimated that more than 100,000 Social Security numbers were vulnerable.

Source codes are accessible by right-clicking on public webpages.

The newspaper’s president and publisher, Ian Caso, said in a statement that the Post-Dispatch stands by the story and journalist Josh Renaud, who he said “did everything right.”

“It’s regrettable the governor has chosen to deflect blame onto the journalists who uncovered the website’s problem and brought it to the Department of Elementary…
